Building Trust 25 September 2019

The Internet Society’s Online Trust Alliance Announces Methodology for Eleventh Online Trust Audit and Honor Roll

Criteria updated to include increased focus on encryption and global privacy regulations; international retail segments added

Reston, VA – September 25, 2019 – The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Internet, today released the methodology for the forthcoming 2019 Online Trust Audit and Honor Roll. This marks the eleventh time OTA has conducted its Online Trust Audit, which promotes responsible online privacy and data security practices, and recognizes leaders in the public and private sectors who have embraced them.

As the only comprehensive, independent online trust benchmark study, the Online Trust Audit evaluates sites in three categories: consumer protection, site security and stated privacy practices. Based on a composite weighted analysis, sites that score 80 percent or better overall, without failing in any one category, will be recognized in the Honor Roll. The Audit will analyze more than 1,000 consumer-facing organizations including top online retailers, banks, consumer service sites, government agencies, news and media companies, Internet Service Providers, mobile carriers, email providers and web hosters, and healthcare companies. New in 2019 will be an audit of online retailers in Asia, Europe and Latin America.

The 2019 methodology incorporates input from leading companies, consumer groups, security professionals and associations, as well as generally accepted and deployed security standards. Data collection and evaluations will commence in late October and run through the end of November, with the report being published in January 2020.

“As highlighted in our recent Cyber Incident and Breach Trends Report, the number of cyber incidents continues to grow,” said Jeff Wilbur, Technical Director of the Internet Society’s Online Trust Alliance. “The vast majority of these incidents are preventable by following basic best practices, which we outline and assess in our Online Trust Audit. Organizations and their customers will both benefit from understanding and following these best practices.”

Key changes to this year’s Audit include:

  • Consumer Protection (email authentication, anti-phishing, and domain security technologies) – increased weight for implementation of Domain-based Message Authentication, Reporting and Conformance (DMARC), and incorporation of opportunistic Transport Layer Security (TLS), which encrypts email between servers, into baseline (vs. bonus) scoring.
  • Site Security (site configuration, TLS/SSL infrastructure, presence of site vulnerabilities, observed malware, and related security and data protection enhancing controls) – weight will be increased for “HTTPS-everywhere”, and elements such as web security headers, application and network security, and software patching. Weight will be reduced for extended validation (EV) certificates.
  • Privacy (stated policies and practices including data retention, disclosures, user anonymity, third-party data sharing, opt-out mechanisms and observing sensitive data barriers) – privacy statement assessment will make up the 100 baseline points while use of third-party trackers that share data inappropriately will reduce the baseline score. Data sharing language will be further segmented to provide more granular assessment. Do Not Track (DNT) will not be included in the assessment. Bonus points will be given for language following concepts included in new or upcoming privacy regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The full 2019 Audit methodology is posted at https://www.internetsociety.org/2019audit.

About the Internet Society’s Online Trust Alliance (OTA)

The Internet Society’s Online Trust Alliance (OTA) identifies and promotes security and privacy best practices that build consumer confidence in the Internet. Leading public and private organizations, vendors, researchers, and policymakers contribute to and follow OTA’s guidance to help make online transactions safer and better protect users’ data. The Internet Society is a global nonprofit dedicated to ensuring an open, globally connected, trustworthy, and secure Internet for everyone.

###
